    Netgate Discussion Forum
    DNS Resolver not working

    DHCP and DNS
    • ITDan

      Good morning.
      I have a customer that we just acquired that is using a pfSense firewall with version 2.3.x of the firmware. Their internet went down yesterday and after troubleshooting, we found that the issue was DNS. The DNS Resolver service was not running on the firewall and when you try to start it, it fails. However, the DNS Resolver is checked off in "Services". The temp fix for me was to manually put in DNS servers for each of the DHCP scopes.

      I tried to upgrade the firmware but that failed without much notification as to why. All the diagnostics on the hardware seem to check out from what I can tell.

      What information do you guys need from me to help me troubleshoot this issue? I did reboot the device and make a backup of the config already.

      Thanks!

      Dan

      • johnpoz (LAYER 8 Global Moderator)

        Is it an actual Netgate appliance, some DIY box, some China box?

        Details of the hardware
        What is the error in the log when the resolver tries to start?
        What is the error when you try to upgrade?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

        • ITDan @johnpoz

          @johnpoz I am not too familiar with the interface so I am looking for the logs now for you.

          • johnpoz (LAYER 8 Global Moderator)

            What is the hardware?


            • ITDan @johnpoz

              @johnpoz It's a Netgate SG-2440

              I did find this in the logs; it looks like someone is trying to gain access:
              Sep 14 09:24:32 sshd 9241 Failed password for root from 187.189.27.112 port 46502 ssh2
              Sep 14 09:24:32 sshd 9241 Connection closed by 187.189.27.112 port 46502 [preauth]
              Sep 14 09:24:34 sshd 9679 Invalid user ubnt from 186.47.169.189
              Sep 14 09:24:34 sshd 9679 input_userauth_request: invalid user ubnt [preauth]
              Sep 14 09:24:35 sshd 9679 Failed password for invalid user ubnt from 186.47.169.189 port 55229 ssh2
              Sep 14 09:24:35 sshd 9679 Connection closed by 186.47.169.189 port 55229 [preauth]
              Sep 14 09:24:38 sshd 10185 Invalid user telecomadmin from 143.255.153.159
              Sep 14 09:24:38 sshd 10185 input_userauth_request: invalid user telecomadmin [preauth]
              Sep 14 09:24:38 sshd 10185 Failed password for invalid user telecomadmin from 143.255.153.159 port 57483 ssh2
              Sep 14 09:24:39 sshd 10185 Connection closed by 143.255.153.159 port 57483 [preauth]
              Sep 14 09:24:42 sshd 10599 Failed password for admin from 73.83.56.31 port 52580 ssh2
              Sep 14 09:24:42 sshd 10599 Connection closed by 73.83.56.31 port 52580 [preauth]
              Sep 14 09:24:46 sshd 11009 Failed password for admin from 41.79.66.112 port 48675 ssh2
              Sep 14 09:24:47 sshd 11009 Connection closed by 41.79.66.112 port 48675 [preauth]

              • ITDan

                Sep 14 09:41:06 unbound 77171:0 error: validator: could not apply configuration settings.
                Sep 14 09:41:06 unbound 77171:0 error: module init for module validator failed
                Sep 14 09:41:06 unbound 77171:0 fatal error: failed to setup modules
                Sep 14 09:45:30 unbound 52959:0 notice: init module 0: validator
                Sep 14 09:45:30 unbound 52959:0 error: failed to read /root.key
                Sep 14 09:45:30 unbound 52959:0 error: error reading auto-trust-anchor-file: /var/unbound/root.key
                Sep 14 09:45:30 unbound 52959:0 error: validator: error in trustanchors config
                Sep 14 09:45:30 unbound 52959:0 error: validator: could not apply configuration settings.
                Sep 14 09:45:30 unbound 52959:0 error: module init for module validator failed
                Sep 14 09:45:30 unbound 52959:0 fatal error: failed to setup modules

                • ITDan

                  My general log is also flooded with these now:

                  Sep 14 09:54:29 dhcpleases Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
                  Sep 14 09:54:29 dhcpleases Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
                  Sep 14 09:54:30 dhcpleases Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid)

                  • johnpoz (LAYER 8 Global Moderator)

                    Well yeah, having ssh open to the public is going to fill your logs with noise ;) Lots of bots out there looking for insecure ssh.. You could see 1000's of these a day.. This is why you normally don't have ssh open to the public unless you lock it down to your known source IPs; for sure it should be publickey only and prob run some sort of fail2ban to lower the brute force noise in the logs. Changing the port can also lower the log spam..

                    This is OLD... But same sort of problem it looks like with your roots..
                    https://forum.netgate.com/topic/78531/unbound-cannot-start-in-2-2-release/2

                    can't hurt to try this
                    https://forum.netgate.com/post/510554


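As an added example (not code from this thread, from Netgate or from pfSense): a small Python triage script that runs over constructed sample lines in the same system-log format quoted above, counting sshd password failures per source IP (the brute-force noise described in the reply) and pulling out the trust-anchor path that unbound could not read. The IPs are TEST-NET documentation addresses and the PIDs are made up.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the pfSense system-log format quoted in this thread;
# IPs are TEST-NET documentation addresses, PIDs are made up.
SAMPLE_LOG = """\
Sep 14 09:24:32 sshd 9241 Failed password for root from 203.0.113.10 port 46502 ssh2
Sep 14 09:24:32 sshd 9241 Connection closed by 203.0.113.10 port 46502 [preauth]
Sep 14 09:24:34 sshd 9679 Invalid user ubnt from 198.51.100.7
Sep 14 09:24:35 sshd 9679 Failed password for invalid user ubnt from 198.51.100.7 port 55229 ssh2
Sep 14 09:24:42 sshd 10599 Failed password for admin from 203.0.113.10 port 52580 ssh2
Sep 14 09:45:30 unbound 52959:0 error: failed to read /root.key
Sep 14 09:45:30 unbound 52959:0 error: error reading auto-trust-anchor-file: /var/unbound/root.key
Sep 14 09:45:30 unbound 52959:0 fatal error: failed to setup modules
"""

SSH_FAIL = re.compile(r"sshd \d+ Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
                      r"from (?P<ip>[\d.]+) port \d+")
UNBOUND_ANCHOR = re.compile(r"unbound \S+ error: error reading auto-trust-anchor-file: (?P<path>\S+)")
UNBOUND_FATAL = re.compile(r"unbound \S+ fatal error: (?P<msg>.*)")

def triage(log_text):
    """Count sshd password failures per source IP and collect unbound start-up failures."""
    failures = Counter()       # source IP -> failed password attempts
    users = defaultdict(set)   # source IP -> usernames tried from it
    invalid_users = set()      # usernames sshd reported as non-existent
    unbound = {"missing_anchor": None, "fatal": []}
    for line in log_text.splitlines():
        if m := SSH_FAIL.search(line):
            failures[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
            if m["invalid"]:
                invalid_users.add(m["user"])
        elif m := UNBOUND_ANCHOR.search(line):
            unbound["missing_anchor"] = m["path"]   # trust-anchor file unbound could not read
        elif m := UNBOUND_FATAL.search(line):
            unbound["fatal"].append(m["msg"])
    return {"ssh_failures": dict(failures),
            "ssh_users": {ip: sorted(u) for ip, u in users.items()},
            "invalid_users": sorted(invalid_users),
            "unbound": unbound}

def noisy_sources(summary, threshold=2):
    """Source IPs with at least `threshold` failed attempts, busiest first."""
    return sorted((ip for ip, n in summary["ssh_failures"].items() if n >= threshold),
                  key=lambda ip: -summary["ssh_failures"][ip])
```

On a real box the same functions can be fed the contents of the system log instead of SAMPLE_LOG; the per-IP counts are the input a rate-limiting rule or fail2ban-style filter would act on.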
                    • ITDan @johnpoz

                      @johnpoz said in DNS Resolver not working:

                      This is OLD... But same sort of problem it looks like with your roots..
                      https://forum.netgate.com/topic/78531/unbound-cannot-start-in-2-2-release/2
                      can't hurt to try this
                      https://forum.netgate.com/post/510554

                      Thank you! I will try this on Monday. We didn't set up this equipment so I am playing catch-up. I love the idea of this open source firewall though, and so far the community seems great!
